ocserv

mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 00:37:00 +08:00

Author	SHA1	Message	Date
Nikos Mavrogiannopoulos	cc86c2d174	tests: added kerberos test suite	2015-02-19 15:27:58 +01:00
Nikos Mavrogiannopoulos	9a3be087b4	kkdcp: allow the handling of multiple realms per URL	2015-02-19 15:27:55 +01:00
Nikos Mavrogiannopoulos	5f1f0ce87e	reduced level of command socket closed error	2015-02-19 15:27:52 +01:00
Nikos Mavrogiannopoulos	ab74201b99	gssapi: better log messages	2015-02-19 15:27:50 +01:00
Nikos Mavrogiannopoulos	4e9a329b59	pam: return empty message when not in the appropriate state	2015-02-19 15:27:47 +01:00
Nikos Mavrogiannopoulos	953241fc56	gssapi: require the localname to login	2015-02-19 15:27:42 +01:00
Nikos Mavrogiannopoulos	85de70c621	kkdcp: attempt to read the whole message	2015-02-19 15:27:40 +01:00
Nikos Mavrogiannopoulos	3e33936f0c	corrected DER message construction	2015-02-19 15:27:37 +01:00
Nikos Mavrogiannopoulos	f591cb0181	sanitized strcmp check	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	7a46da3379	Use content-length: 0 when closing connection	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	fbce6f5924	when cookie is present avoid basic authentication	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	4a940145ad	doc update	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	597d1a6a47	update username in GSSAPI	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	773d277802	kkdcp: perform the proper encoding and decoding on exchanged data	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	6334bada15	renamed urlfw to kkdcp	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	b5a0fe354f	more specific log message	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	b300177eb7	Added max-password-retries config option That makes the number of retries prior to banning the IP configurable.	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	108d34f613	Ban an IP only when the MAX_PASSWORD_TRIES attempts have been exceeded	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	1fc59e0099	gssapi: better error printing and restrict to SPNEGO	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	1459f39790	X-Need-SPNEGO renamed to X-Support-SPNEGO	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	1f128219ae	if gssapi authentication fails, switch to password auth if possible	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	06f2147155	prohibit worker from sending an auth_type of zero	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	c0ceeba0f8	Fail if authentication modules are changed on reload	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	bfeab4b015	Additional data are passed only to auth module's global_init	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	2d72c0a526	doc update	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	01ec22db27	Allow setting content-type urlfw, and allow tcp	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	ac4ca3cd70	updated documentation	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	494738dd55	Added url-fw config option That allows to specify a class of URLs where, if a client POSTS to it, the data will be forwarded to the configured server, and the client will receive its reply.	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	41a6c25a91	use vasprintf() in cstp_printf()	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	11f43f144a	eliminated auth message upper limit	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	4bbd987525	test-gssapi: added check for gssapi authentication	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	065bcbd2ea	increased maximum message size to 2048	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	daa18cae8d	Ensure that any messages are being forwarded even on success packet	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	51ab9a97d0	only print WWW-Authenticate when there are data to print	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	a08329b398	Allow GSSAPI authentication even from GET commands	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	e865dcb354	In certificate verification separate between no certificate and verification failure	2015-02-19 11:47:20 +01:00
Kevin Cernekee	370fa01de6	gssapi: Don't include gssapi header files if !HAVE_GSSAPI This fixes: CC auth/gssapi.o auth/gssapi.c:30:27: fatal error: gssapi/gssapi.h: No such file or directory #include <gssapi/gssapi.h> ^	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	507d6cc502	test-pass-opt-cert: updated for enable-auth config option	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	afef74fa23	removed the certificate[optional] auth type	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	8bb0af61bc	Added GSSAPI as an additional password auth mechanism That also adds the ability to support an OR composition of multiple authentication methods. That is using the 'enable-auth' config option.	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	5e4763d229	bumped version ocserv_0_9_2	2015-02-18 08:12:19 +01:00
Nikos Mavrogiannopoulos	a6f6dea2cb	ip-lease: use 128 as prefix in local IP	2015-02-17 10:10:52 +01:00
Nikos Mavrogiannopoulos	579900211e	doc update	2015-02-16 23:04:17 +01:00
Nikos Mavrogiannopoulos	8d08df70cc	tests: updated for new IPv4 assignment	2015-02-16 23:03:29 +01:00
Nikos Mavrogiannopoulos	e959c8cfab	manpage: generate a DER PKCS #12 file	2015-02-16 23:02:00 +01:00
Nikos Mavrogiannopoulos	ce19dca719	avoid using the IPv4 network address as tun address, and simplify valid address checking	2015-02-16 23:00:59 +01:00
Nikos Mavrogiannopoulos	aa72455d39	doc update	2015-02-16 15:33:12 +01:00
Nikos Mavrogiannopoulos	f94276fc73	ip-lease: fixed hash value for IPv6 leases This corrects the unique check for assigned IPv6 addresses.	2015-02-16 15:31:43 +01:00
Nikos Mavrogiannopoulos	ebcf2f7352	tests: fix pings to IPv6 addresses for the new tun address	2015-02-16 15:14:07 +01:00
Nikos Mavrogiannopoulos	31fb3b680f	In IPv6 use the network address + 1 as the tun address	2015-02-16 15:13:30 +01:00

1 2 3 4 5 ...

1684 Commits